[OpenSIPS-Users] No RADIUS traffic

Uwe Kastens kiste at kiste.org
Tue Jun 9 09:26:39 CEST 2009


Hi,

cat radiusclient.conf |grep -v ^#|grep -v ^$
auth_order	radius,local
login_tries	4
login_timeout	60
nologin /etc/nologin
issue	/etc/radiusclient-ng/issue
authserver 	localhost
acctserver 	localhost
servers		/etc/radiusclient-ng/servers
dictionary 	/etc/radiusclient-ng/dictionary
login_radius	/usr/sbin/login.radius
seqfile		/var/run/opensips/radius.seq
mapfile		/etc/radiusclient-ng/port-id-map
default_realm
radius_timeout	10
radius_retries	3
bindaddr localhost
login_local	/bin/login

BR

Uwe



Leon Li schrieb:
> Hi,
> 
> What is your radiusclient.conf like?
> 
> Regards,
> Leon 
> 
> -----Original Message-----
> From: Uwe Kastens [mailto:kiste at kiste.org] 
> Sent: Friday, 5 June 2009 7:28 PM
> To: Leon Li
> Cc: users at lists.opensips.org
> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
> 
> Hi,
> 
> I do not have that login.radius on my system - I think its not used with
> opensips. I would say there might be an permissions issue. I can
> remember I had lots of trouble, cause I don't wanted to run everything
> as root:root.
> 
> 
> My setup looks like that
> 
> seqfile         /var/run/opensips/radius.seq with
> -rw-r--r-- 1 opensips opensips
> 
> and
> 
> drwxr-xr-x  opensips opensips  /etc/radiusclient-ng
> 
> BR
> 
> Uwe
> 
> 
> 
> Leon Li schrieb:
>> There is no such a file in the directory. Will it be generated by
>> radiusclient-ng?
>>
>> Also, the radiusclient.conf shows:
>>> # program to call for a RADIUS authenticated login
>>>
>>> login_radius    /usr/local/sbin/login.radius
>> I checked /usr/local/sbin/login.radius, but it is only a dummy script.
>> How it can be changed?
>>
>> Thanks,
>> Leon 
>>
>> -----Original Message-----
>> From: Uwe Kastens [mailto:kiste at kiste.org] 
>> Sent: Thursday, 4 June 2009 5:12 PM
>> To: Leon Li
>> Cc: users at lists.opensips.org
>> Subject: Re: [OpenSIPS-Users] No RADIUS traffic
>>
>> Hi,
>>
>> If I remember it correctly I had the same problem some day and it was
>> caused by wrong permissions on /var/run/radius.seq.
>>
>> Just a guess
>>
>> BR
>>
>> Uwe
>>
>>
>> Leon Li schrieb:
>>> Hi,
>>>
>>>  
>>>
>>> I am try to use RADIUS server. However, after configuration, I found
>>> there is no RADIUS traffic at all.
>>>
>>>  
>>>
>>> Log shows:
>>>
>>> Jun  4 06:45:59  /usr/local/sbin/openser[396]: rc_avpair_new: unknown
>>> attribute 5
>>>
>>> Jun  4 06:45:59  /usr/local/sbin/openser[396]:
>>> ERROR:auth_radius:radius_authorize_sterman: rc_auth failed
>>>
>>>  
>>>
>>> But nothing on RADIUS server end.
>>>
>>>  
>>>
>>> OpenSIPs + radiusclient-ng on one box and RADIUS is on another.
>>>
>>>  
>>>
>>> My radiusclient.conf is like:
>>>
>>>  
>>>
>>> # General settings
>>>
>>>  
>>>
>>> # specify which authentication comes first respectively which
>>>
>>> # authentication is used. possible values are: "radius" and "local".
>>>
>>> # if you specify "radius,local" then the RADIUS server is asked
>>>
>>> # first then the local one. if only one keyword is specified only
>>>
>>> # this server is asked.
>>>
>>> auth_order      radius,local
>>>
>>>  
>>>
>>> # maximum login tries a user has
>>>
>>> login_tries     4
>>>
>>>  
>>>
>>> # timeout for all login tries
>>>
>>> # if this time is exceeded the user is kicked out
>>>
>>> login_timeout   60
>>>
>>>  
>>>
>>> # name of the nologin file which when it exists disables logins.
>>>
>>> # it may be extended by the ttyname which will result in
>>>
>>> # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
>>>
>>> # logins on /dev/ttyS2)
>>>
>>> nologin /etc/nologin
>>>
>>>  
>>>
>>> # name of the issue file. it's only display when no username is
> passed
>>> # on the radlogin command line
>>>
>>> issue   /usr/local/etc/radiusclient-ng/issue
>>>
>>>  
>>>
>>> # RADIUS settings
>>>
>>>  
>>>
>>> # RADIUS server to use for authentication requests. this config
>>>
>>> # item can appear more then one time. if multiple servers are
>>>
>>> # defined they are tried in a round robin fashion if one
>>>
>>> # server is not answering.
>>>
>>> # optionally you can specify a the port number on which is remote
>>>
>>> # RADIUS listens separated by a colon from the hostname. if
>>>
>>> # no port is specified /etc/services is consulted of the radius
>>>
>>> # service. if this fails also a compiled in default is used.
>>>
>>> authserver      202.158.212.103:1812
>>>
>>>  
>>>
>>> # RADIUS server to use for accouting requests. All that I
>>>
>>> # said for authserver applies, too.
>>>
>>> #
>>>
>>> acctserver      202.158.212.103:1813
>>>
>>>  
>>>
>>> # file holding shared secrets used for the communication
>>>
>>> # between the RADIUS client and server
>>>
>>> servers         /usr/local/etc/radiusclient-ng/servers
>>>
>>>  
>>>
>>> # dictionary of allowed attributes and values
>>>
>>> # just like in the normal RADIUS distributions
>>>
>>> dictionary      /usr/local/etc/radiusclient-ng/dictionary
>>>
>>>  
>>>
>>> # program to call for a RADIUS authenticated login
>>>
>>> login_radius    /usr/local/sbin/login.radius
>>>
>>>  
>>>
>>> # file which holds sequence number for communication with the
>>>
>>> # RADIUS server
>>>
>>> seqfile         /var/run/radius.seq
>>>
>>>  
>>>
>>> # file which specifies mapping between ttyname and NAS-Port attribute
>>>
>>> mapfile         /usr/local/etc/radiusclient-ng/port-id-map
>>>
>>>  
>>>
>>> # default authentication realm to append to all usernames if no
>>>
>>> # realm was explicitly specified by the user
>>>
>>> # the radiusd directly form Livingston doesnt use any realms, so
> leave
>>> # it blank then
>>>
>>> default_realm
>>>
>>> #aarnet.edu.au
>>>
>>>  
>>>
>>> # time to wait for a reply from the RADIUS server
>>>
>>> radius_timeout  10
>>>
>>>  
>>>
>>> # resend request this many times before trying the next server
>>>
>>> radius_retries  3
>>>
>>>  
>>>
>>> # local address from which radius packets have to be sent
>>>
>>> bindaddr *
>>>
>>>  
>>>
>>> # LOCAL settings
>>>
>>>  
>>>
>>> # program to execute for local login
>>>
>>> # it must support the -f flag for preauthenticated login
>>>
>>> login_local     /bin/login
>>>
>>>  
>>>
>>> Any suggestion will be appreciated.
>>>
>>>  
>>>
>>> Thanks
>>>
>>> Leon
>>>
>>>  
>>>
>>>  
>>>
>>>
>>>
> ------------------------------------------------------------------------
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
> 
> 


-- 

kiste lat: 54.322684, lon: 10.13586



More information about the Users mailing list